BENGALURU — Indian crypto exchange CoinDCX has fallen victim to a massive cyberattack, losing nearly ₹368 crore (~$44.2 million) in a targeted breach. While the scale of the loss is alarming, the company has reassured its users: no customer funds were compromised.
The breach, which hit an internal operational account used for liquidity provisioning on a partner exchange, has sent shockwaves through the Indian crypto community. However, CoinDCX has committed to covering the entire loss from its own treasury, earning praise for prioritizing user protection.
“Your Funds Are Safe,” Says CEO
In a public statement, CEO Sumit Gupta explained the breach resulted from a sophisticated server-side attack but emphasized swift action limited the impact.
“One of our internal accounts was compromised, but CoinDCX wallets holding customer funds remain secure and untouched,” Gupta said.
Co-founder Neeraj Khandelwal echoed the commitment, stating:
“Users will not face any financial loss. We stand by our responsibility to protect the community.”
Platform Still Operational Amid Investigation
Despite the attack, all key services—trading, INR withdrawals, and user access—remain fully functional. Some users briefly faced difficulty accessing their portfolios due to heavy server load, but the issue was resolved with a boost in server capacity.
The incident was first flagged by on-chain investigator ZachXBT and cybersecurity firm Cyvers, who observed suspicious fund movements before CoinDCX went public with the breach.
How the Attack Happened
The attackers reportedly moved USDC and USDT stablecoins from Solana to Ethereum, using Tornado Cash to obscure the trail—a known tactic for laundering stolen crypto. Analysts say the attacker funded the wallet with 1 ETH through Tornado Cash before executing the exploit.
CoinDCX Responds with Transparency and Action
The company is now working with external cybersecurity experts, blockchain forensics teams, and the partner exchange involved to trace the breach and patch vulnerabilities.
CoinDCX is also planning to launch a bug bounty program, inviting ethical hackers and security researchers to help detect and fix flaws before malicious actors can exploit them.
“We’re treating this as a wake-up call,” Gupta said. “Security will be stronger than ever.”
India’s Crypto Sector Under Pressure
This breach comes less than a year after WazirX, another major Indian exchange, suffered a similar cyberattack. While that incident sparked outrage over delayed communication, CoinDCX’s swift, transparent response has drawn praise from the broader crypto community.
As the Indian crypto landscape matures, trust and transparency are becoming non-negotiable. By absorbing the loss internally and communicating openly, CoinDCX has taken a major step toward rebuilding confidence—even in the face of a crisis.
